Vulnerability Description
Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Freeftpd | Freeftpd | 1.0.10 |
| Freesshd | Freesshd | 1.0.9 |
| Weonlydo | Wodsshserver | 1.2.7 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=full-disclosure&m=114764338702488&w=2
- http://secunia.com/advisories/19845PatchVendor Advisory
- http://secunia.com/advisories/19846Vendor Advisory
- http://secunia.com/advisories/20136Vendor Advisory
- http://securityreason.com/securityalert/901
- http://www.kb.cert.org/vuls/id/477960US Government Resource
- http://www.osvdb.org/25463
- http://www.osvdb.org/25569
- http://www.securityfocus.com/archive/1/434007/100/0/threaded
- http://www.securityfocus.com/archive/1/434038/100/0/threaded
- http://www.securityfocus.com/archive/1/434402/100/0/threaded
- http://www.securityfocus.com/archive/1/434415/100/0/threaded
- http://www.securityfocus.com/archive/1/434415/30/4920/threaded
- http://www.securityfocus.com/bid/17958Exploit
- http://www.vupen.com/english/advisories/2006/1785Vendor Advisory
FAQ
What is CVE-2006-2407?
CVE-2006-2407 is a vulnerability with a CVSS score of 7.5 (HIGH). Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers...
How severe is CVE-2006-2407?
CVE-2006-2407 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2407?
Check the references section above for vendor advisories and patch information. Affected products include: Freeftpd Freeftpd, Freesshd Freesshd, Weonlydo Wodsshserver.